Unforeseen Behavior on changing filter - bindings missing on first apply run #173
Closed as not planned
Description
TL;DR
The error manifests when altering filters. This Was causing the recreation of the pull_subscription object. Consequently, this process leads to the disappearance of access permissions previously assigned to that particular object, impacting the system's functionality.
Expected behavior
The expected behavior is to recreate service bindings, becouse they are missing after the subscription replacement process
Observed behavior
First run (apply):
Replace pull_subscription
Second run (apply)
Creating missing pull_subscription_sa_binding_viewer, pull_subscription_sa_binding_subscriber
Terraform Configuration
module "microservices" {
source = "terraform-google-modules/pubsub/google"
version = "6.0.0"
topic = "microservices-1"
project_id = module.project-factory.project_id
pull_subscriptions = [
{
"name" : "microservices-1"
"ack_deadline_seconds" = 600
"max_delivery_attempts" = 5
"maximum_backoff" = "10s"
"minimum_backoff" = "5s"
"enable_message_ordering" = true
"service_account" = "dev-xxxx@sscs-xxxxx-dev-xxxx.iam.gserviceaccount.com"
"expiration_policy" = ""
"filter" = "attributes:vendor1"
}
]
}
1. Apply (all resources was created)
2. Change filter
3. Apply (subscription was recreated)
4. Run plan:
- You have now missing bindings to create: `pull_subscription_sa_binding_viewer` and `pull_subscription_sa_binding_subscriber`Terraform Version
Version 1.6.6Additional information
Probably needed is to add:
lifecycle {
replace_triggered_by = [google_pubsub_subscription.pull_subscriptions]
}
In my opinion the following addition may introduce other issues that should be carefully reviewed.